logo
DATABASE RESOURCES PRICING ABOUT US

Medium: libxml2

Description

**Issue Overview:** A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information.(CVE-2015-8242) A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.(CVE-2015-7500) A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information.(CVE-2015-8317) A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.(CVE-2015-7497) A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.(CVE-2015-7498) A denial of service flaw was found in the way the libxml2 library parsed certain XML files. An attacker could provide a specially crafted XML file that, when parsed by an application using libxml2, could cause that application to use an excessive amount of memory.(CVE-2015-1819) A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.(CVE-2015-7941) A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information.(CVE-2015-7499) A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information.(CVE-2015-8241) A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU.(CVE-2015-5312) A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash causing a denial of service.(CVE-2015-7942) It was discovered that libxml2 could access out-of-bounds memory when parsing unclosed HTML comments. A remote attacker could provide a specially crafted XML file that, when processed by an application linked against libxml2, could cause the application to disclose heap memory contents.(CVE-2015-8710) **Affected Packages:** libxml2 **Issue Correction:** Run _yum update libxml2_ to update your system. **New Packages:** aarch64:     libxml2-2.9.1-6.amzn2.3.2.aarch64     libxml2-devel-2.9.1-6.amzn2.3.2.aarch64     libxml2-static-2.9.1-6.amzn2.3.2.aarch64     libxml2-python-2.9.1-6.amzn2.3.2.aarch64     libxml2-debuginfo-2.9.1-6.amzn2.3.2.aarch64 i686:     libxml2-2.9.1-6.amzn2.3.2.i686     libxml2-devel-2.9.1-6.amzn2.3.2.i686     libxml2-static-2.9.1-6.amzn2.3.2.i686     libxml2-python-2.9.1-6.amzn2.3.2.i686     libxml2-debuginfo-2.9.1-6.amzn2.3.2.i686 src:     libxml2-2.9.1-6.amzn2.3.2.src x86_64:     libxml2-2.9.1-6.amzn2.3.2.x86_64     libxml2-devel-2.9.1-6.amzn2.3.2.x86_64     libxml2-static-2.9.1-6.amzn2.3.2.x86_64     libxml2-python-2.9.1-6.amzn2.3.2.x86_64     libxml2-debuginfo-2.9.1-6.amzn2.3.2.x86_64 ### Additional References Red Hat: [CVE-2015-1819](<https://access.redhat.com/security/cve/CVE-2015-1819>), [CVE-2015-5312](<https://access.redhat.com/security/cve/CVE-2015-5312>), [CVE-2015-7497](<https://access.redhat.com/security/cve/CVE-2015-7497>), [CVE-2015-7498](<https://access.redhat.com/security/cve/CVE-2015-7498>), [CVE-2015-7499](<https://access.redhat.com/security/cve/CVE-2015-7499>), [CVE-2015-7500](<https://access.redhat.com/security/cve/CVE-2015-7500>), [CVE-2015-7941](<https://access.redhat.com/security/cve/CVE-2015-7941>), [CVE-2015-7942](<https://access.redhat.com/security/cve/CVE-2015-7942>), [CVE-2015-8241](<https://access.redhat.com/security/cve/CVE-2015-8241>), [CVE-2015-8242](<https://access.redhat.com/security/cve/CVE-2015-8242>), [CVE-2015-8317](<https://access.redhat.com/security/cve/CVE-2015-8317>), [CVE-2015-8710](<https://access.redhat.com/security/cve/CVE-2015-8710>) Mitre: [CVE-2015-1819](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819>), [CVE-2015-5312](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312>), [CVE-2015-7497](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497>), [CVE-2015-7498](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498>), [CVE-2015-7499](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499>), [CVE-2015-7500](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500>), [CVE-2015-7941](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941>), [CVE-2015-7942](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942>), [CVE-2015-8241](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241>), [CVE-2015-8242](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8242>), [CVE-2015-8317](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317>), [CVE-2015-8710](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710>)


Affected Package


OS OS Version Package Name Package Version
Amazon Linux 2 libxml2 2.9.1-6.amzn2.3.2
Amazon Linux 2 libxml2-devel 2.9.1-6.amzn2.3.2
Amazon Linux 2 libxml2-static 2.9.1-6.amzn2.3.2
Amazon Linux 2 libxml2-python 2.9.1-6.amzn2.3.2
Amazon Linux 2 libxml2-debuginfo 2.9.1-6.amzn2.3.2
Amazon Linux 2 libxml2 2.9.1-6.amzn2.3.2
Amazon Linux 2 libxml2-devel 2.9.1-6.amzn2.3.2
Amazon Linux 2 libxml2-static 2.9.1-6.amzn2.3.2
Amazon Linux 2 libxml2-python 2.9.1-6.amzn2.3.2
Amazon Linux 2 libxml2-debuginfo 2.9.1-6.amzn2.3.2
Amazon Linux 2 libxml2 2.9.1-6.amzn2.3.2
Amazon Linux 2 libxml2 2.9.1-6.amzn2.3.2
Amazon Linux 2 libxml2-devel 2.9.1-6.amzn2.3.2
Amazon Linux 2 libxml2-static 2.9.1-6.amzn2.3.2
Amazon Linux 2 libxml2-python 2.9.1-6.amzn2.3.2
Amazon Linux 2 libxml2-debuginfo 2.9.1-6.amzn2.3.2

Related